<!DOCTYPE html>
<html>
<head>
	<title>Wapiti scan report</title>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<link rel="stylesheet" type="text/css" href="css/kube.min.css" />
    <link rel="stylesheet" type="text/css" href="css/master.css" />
</head>
<body>
    <div id="page">
        <header style="text-align: center">
        <h2 class="title" style="text-align: center">Wapiti vulnerability report</h2>
        <h3>Target: ${target}</h3>
        <p>Date of the scan: ${scan_date}. Scope of the scan: ${scan_scope}. Crawled pages: ${crawled_pages_nbr}</p>
        </header>
        <hr />
        % if auth_dict != None:
        <h4>Authentication</h4>
        <p>
            Url: ${auth_dict["url"]}<br>
            Logged in: ${auth_dict["logged_in"]}<br>
            % if auth_form_dict != None and len(auth_form_dict) > 0:
            Login field: ${auth_form_dict["login_field"]}<br>
            Password field: ${auth_form_dict["password_field"]}<br>
            % endif
        </p>
        <hr />
        % endif

        <h4>Summary</h4>
        <table class="width-100 hovered" style="background: url('logo_clear.png') no-repeat center;">
            <thead>
                <tr>
                    <th>Category</th>
                    <th>Number of vulnerabilities found</th>
                </tr>
            </thead>
            <tbody id="summary">
                % for i, vuln_name in enumerate(vulnerabilities):
                    <tr>
                        <td class="small">
                            % if len(vulnerabilities[vuln_name]):
                            <a href="#vuln_type_${i}">${vuln_name}</a>
                            % else:
                            ${vuln_name}
                            % endif
                        </td>
                        <td class="small .text-centered">${len(vulnerabilities[vuln_name])}</td>
                    </tr>
                % endfor
                % for i, anomaly_name in enumerate(anomalies):
                    <tr>
                        <td class="small">
                            % if len(anomalies[anomaly_name]):
                            <a href="#anom_type_${i}">${anomaly_name}</a>
                            % else:
                            ${anomaly_name}
                            % endif
                        </td>
                        <td class="small .text-centered">${len(anomalies[anomaly_name])}</td>
                    </tr>
                % endfor
                % for i, additional_name in enumerate(additionals):
                    <tr>
                        <td class="small">
                            % if len(additionals[additional_name]):
                            <a href="#addition_type_${i}">${additional_name}</a>
                            % else:
                            ${additional_name}
                            % endif
                        </td>
                        <td class="small .text-centered">${len(additionals[additional_name])}</td>
                    </tr>
                % endfor
            </tbody>
        </table>
        <hr />
        <div id="details">
            % for i, vuln_name in enumerate(vulnerabilities):
                % if len(vulnerabilities[vuln_name]):
                <h3 id="vuln_type_${i}">${vuln_name}</h3>
                <dl>
                    <dt>Description</dt>
                    <dd>${flaws[vuln_name]["desc"] | h}</dd>
                </dl>

                    % for j, vulnerability in enumerate(vulnerabilities[vuln_name]):
                        <h4>${level_to_emoji(vulnerability["level"])} Vulnerability found in ${vulnerability["path"] | h}</h4>
                        <nav class="tabs" data-kube="tabs" data-equal="true" data-height="equal">
                            <a href="#tab-vuln-${i}-${j}-1" class="is-active">Description</a>
                            <a href="#tab-vuln-${i}-${j}-2">HTTP Request</a>
                            % if detailed_report is True and vulnerability["detail"]["response"] is not None:
                                <a href="#tab-vuln-${i}-${j}-3">HTTP Response</a>
                            % endif
                            <a href="#tab-vuln-${i}-${j}-4">cURL command line</a>
                            <a href="#tab-vuln-${i}-${j}-5">WSTG Code</a>
                        </nav>
                        <section id="tab-vuln-${i}-${j}-1" style="min-height: 124px;">
                            <pre>${vulnerability["info"] | h}</pre>
                        </section>
                        <section id="tab-vuln-${i}-${j}-2" style="min-height: 124px;" class="is-hidden">
                            <pre style="white-space: normal;">
                                % for line in vulnerability["http_request"].split("\n"):
                                    ${line | h}
                                    <br>
                                % endfor
                            </pre>
                        </section>
                        % if detailed_report is True and vulnerability["detail"]["response"] is not None:
                            <section id="tab-vuln-${i}-${j}-3" style="min-height: 124px;" class="is-hidden">
                                <pre style="white-space: nowrap">
                                    HTTP ${vulnerability["detail"]["response"]["status_code"] | h}<br />
                                    % if vulnerability["detail"]["response"]["headers"] is not None:
                                        % for header in vulnerability["detail"]["response"]["headers"]:
                                            ${header[0] | h}: ${header[1] | h}<br />
                                        %endfor
                                    %endif
                                    <br />
                                    ${vulnerability["detail"]["response"]["body"] | h}
                                </pre>
                            </section>
                        % endif
                        <section id="tab-vuln-${i}-${j}-4" style="min-height: 124px;" class="is-hidden">
                            <pre>${vulnerability["curl_command"] | h}</pre>
                        </section>
                        <section id="tab-vuln-${i}-${j}-5" style="min-height: 124px;" class="is-hidden">
                            <pre>${vulnerability["wstg"] | h}</pre>
                        </section>
                    % endfor

                <dl><dt>Solutions</dt><dd>${flaws[vuln_name]["sol"]}</dd></dl>
                <h5>References</h5>
                <ul>
                    % for ref_name, ref_url in flaws[vuln_name]["ref"].items():
                    <li><a href="${ref_url}">${ref_name | h}</a></li>
                    % endfor
                </ul>
                <br />
                <hr>
                % endif
            % endfor
            % for i, anomaly_name in enumerate(anomalies):
                % if len(anomalies[anomaly_name]):
                <h3 id="anom_type_${i}">${anomaly_name}</h3>
                <dl>
                    <dt>Description</dt>
                    <dd>${flaws[anomaly_name]["desc"] | h}</dd>
                </dl>

                    % for j, anomaly in enumerate(anomalies[anomaly_name]):
                        <h4>🤕 Anomaly found in ${anomaly["path"] | h}</h4>
                        <nav class="tabs" data-kube="tabs" data-equal="true" data-height="equal">
                            <a href="#tab-anom-${i}-${j}-1" class="is-active">Description</a>
                            <a href="#tab-anom-${i}-${j}-2">HTTP Request</a>
                            % if detailed_report is True and anomaly["detail"]["response"] is not None:
                                <a href="#tab-anom-${i}-${j}-3">HTTP Response</a>
                            % endif
                            <a href="#tab-anom-${i}-${j}-4">cURL command line</a>
                            <a href="#tab-anom-${i}-${j}-5">WSTG Code</a>
                        </nav>
                        <section id="tab-anom-${i}-${j}-1" style="min-height: 124px;">
                            <pre>${anomaly["info"] | h}</pre>
                        </section>
                        <section id="tab-anom-${i}-${j}-2" style="min-height: 124px;" class="is-hidden">
                            <pre style="white-space: normal">
                                % for line in anomaly["http_request"].split("\n"):
                                    ${line | h}
                                    <br>
                                % endfor
                            </pre>
                        </section>
                        % if detailed_report is True and anomaly["detail"]["response"] is not None:
                            <section id="tab-anom-${i}-${j}-3" style="min-height: 124px;" class="is-hidden">
                                <pre style="white-space: nowrap">
                                    HTTP ${anomaly["detail"]["response"]["status_code"] | h}<br />
                                    % if anomaly["detail"]["response"]["headers"] is not None:
                                        % for header in anomaly["detail"]["response"]["headers"]:
                                            ${header[0] | h}: ${header[1] | h}<br />
                                        %endfor
                                    %endif
                                    <br />
                                    ${anomaly["detail"]["response"]["body"] | h}
                                </pre>
                            </section>
                        % endif
                        <section id="tab-anom-${i}-${j}-4" style="min-height: 124px;" class="is-hidden">
                            <pre>${anomaly["curl_command"] | h}</pre>
                        </section>
                        <section id="tab-anom-${i}-${j}-5" style="min-height: 124px;" class="is-hidden">
                            <pre>${anomaly["wstg"] | h}</pre>
                        </section>
                    % endfor

                <dl><dt>Solutions</dt><dd>${flaws[anomaly_name]["sol"]}</dd></dl>
                <h5>References</h5>
                <ul>
                    % for ref_name, ref_url in flaws[anomaly_name]["ref"].items():
                    <li><a href="${ref_url}">${ref_name | h}</a></li>
                    % endfor
                </ul>
                <br />
                <hr>
                % endif
            % endfor
            % for i, additional_name in enumerate(additionals):
                % if len(additionals[additional_name]):
                <h3 id="addition_type_${i}">${additional_name}</h3>
                <dl>
                    <dt>Description</dt>
                    <dd>${flaws[additional_name]["desc"] | h}</dd>
                </dl>

                    % for j, additional in enumerate(additionals[additional_name]):
                        <h4>${level_to_emoji(additional["level"])} Additional found in ${additional["path"] | h}</h4>
                        <nav class="tabs" data-kube="tabs" data-equal="true" data-height="equal">
                            <a href="#tab-addition-${i}-${j}-1" class="is-active">Description</a>
                            <a href="#tab-addition-${i}-${j}-2">HTTP Request</a>
                            % if detailed_report is True and additional["detail"]["response"] is not None:
                                <a href="#tab-addition-${i}-${j}-3">HTTP Response</a>
                            % endif
                            <a href="#tab-addition-${i}-${j}-4">cURL command line</a>
                            <a href="#tab-addition-${i}-${j}-5">WSTG Code</a>
                        </nav>
                        <section id="tab-addition-${i}-${j}-1" style="min-height: 124px;">
                            <pre>${additional["info"] | h}</pre>
                        </section>
                        <section id="tab-addition-${i}-${j}-2" style="min-height: 124px;" class="is-hidden">
                            <pre style="white-space: normal">
                                % for line in additional["http_request"].split("\n"):
                                    ${line | h}
                                    <br>
                                % endfor
                            </pre>
                        </section>
                        % if detailed_report is True and additional["detail"]["response"] is not None:
                            <section id="tab-addition-${i}-${j}-3" style="min-height: 124px;" class="is-hidden">
                                <pre style="white-space: nowrap">
                                    HTTP ${additional["detail"]["response"]["status_code"] | h}<br />
                                    % if additional["detail"]["response"]["headers"] is not None:
                                        % for header in additional["detail"]["response"]["headers"]:
                                            ${header[0] | h}: ${header[1] | h}<br />
                                        %endfor
                                    %endif
                                    <br />
                                    ${additional["detail"]["response"]["body"] | h}
                                </pre>
                            </section>
                        % endif
                        <section id="tab-addition-${i}-${j}-4" style="min-height: 124px;" class="is-hidden">
                            <pre>${additional["curl_command"] | h}</pre>
                        </section>
                        <section id="tab-addition-${i}-${j}-5" style="min-height: 124px;" class="is-hidden">
                            <pre>${additional["wstg"] | h}</pre>
                        </section>
                    % endfor
                <dl><dt>Solutions</dt><dd>${flaws[additional_name]["sol"]}</dd></dl>
                <h5>References</h5>
                <ul>
                    % for ref_name, ref_url in flaws[additional_name]["ref"].items():
                    <li><a href="${ref_url}">${ref_name | h}</a></li>
                    % endfor
                </ul>
                <br />
                <hr>
                % endif
            % endfor
        </div>
        <footer class="small" id="footer"><a href="https://wapiti-scanner.github.io/" id="wapiti_link">${wapiti_version}</a> &copy; Nicolas SURRIBAS 2006-2022</footer>
	</div>
    <script type="text/javascript" src="js/kube.min.js"></script>
    <script>$K.init();</script>
</body>
</html>